Do we need a global cybersecurity framework?

This issue is particularly topical, it is of rising importance globally and affects all of us – whether we realise it or not.

In terms of global communications, we are living through the most exciting period in human history. There are almost as many mobile subscriptions as there are people on the planet and by the end of 2013, 2.7 billion people will be using the internet; with 2.1 billion active mobile-broadband subscriptions.

The internet is a global resource, a basic commodity and a valuable international platform for exchange where everyone is able to participate. Many of us will recognise benefits such as; the exchange of ideas, access to healthcare and education, the buying and selling of products and services, and keeping in touch with friends and family.

However, there is a dark side to this global resource which stems from the misuse of information and communication technologies, ICTs. Cyberthreats and cybercrime are a natural consequence of so many people globally embracing the advantages that ICTs bring to our world.

But there are some startling facts from the 2013 Internet Security Threat Report from ITU-IMPACT;

– There was a 42% increase in targeted attacks in 2012.
– The number of phishing sites spoofing social networking sites increased 125%.
– Web-based attacks increased 30%.

Such trends are rising; high-profile attacks are continuing to hit major organisations, cybercriminals are becoming more skilled at penetrating organisations and avoiding detection. Hacker groups are increasingly trying to profit by abusing legitimate online revenue sources such as online advertising.

The job of the cybercriminal and hacker is made easier by the new generation of young social networkers as they are far more likely to reveal personal data online. Another worrying trend is the ‘crimeware-as-a-service’ market which allows even technically-unsophisticated criminals to cause maximum damage. It is frightening to discover that you can now hire someone to carry out a Denial of Service (DoS) attack for as little as two US dollars an hour! In the near future, it may not just be cybercriminals that use these approaches.

Allow me share with you some consequences of cybercrime:

Annual losses of over 110 billion dollars, with over 550 million adults worldwide experiencing some form of cybercrime last year. In financial terms, this is the equivalent of the entire GDP of a country like Morocco, Slovakia or Bangladesh. In human terms, this is significantly greater than the entire population of Europe.

Almost half of teenagers aged 13 to 17 report they have experienced some form of cyberbullying in the past year. Three quarters of young people involved in aggressive sexual solicitations in the real world met their aggressors online.

These issues need to be addressed as everything depends on ICTs in today’s world. The internet has become the important global resource it is today thanks to a tremendous spirit of openness, innovation, freedom of expression and multi-stakeholderism.

Although it is clearly essential to protect the right of freedom of expression; the right to communicate; and the right to privacy, we must recognise that none of these freedoms can exist without security – especially in the online world.

If you cannot ensure your personal information is secure, how can you use ICTs with trust and confidence? A balance between security and privacy needs to be struck.

Clearly, we need to reduce the illicit use of ICTs as much as possible – with a forward-looking vision that is multilateral. ITU has been playing its role in bringing global stakeholders together, but it is evident that no single entity can achieve this vision alone.

However, good progress is being made:

Key global figures like China, Russia and the USA are realising the importance of dialogue, the EU has established a framework on cybersecurity that is endorsed by all EU Member States and the new International Telecommunication Regulations (ITRs) have a specific provision that provides an international framework on security.

There are other key initiatives such as ITU-IMPACT which is the world’s first comprehensive alliance against cyber threats and has now been formally endorsed and is offering services to 145 countries. It brings together multiple stakeholders to enhance the global community’s capabilities in dealing with cyber threats.

Child Online Protection (COP) provides guidance on safe online behaviour in conjunction with other UN agencies and partners. It is an international collaborative network for action, with a growing number of partners, to promote the online protection of children worldwide.

Arguably, a global issue requires a global framework with the full and active participation of governments, the private sector and civil society. In the fullness of time, I believe this is possible, but we need to continue to work hard to improve coordination, collaboration, and of course, trust, between all stakeholders involved.

This post reflects the content of a speech that Dr. Touré recently delivered at the Geneva Press Club.

By Dr Hamadoun I. Touré

Dr Hamadoun I. Touré has been Secretary-General of the ITU since January 2007; he was re-elected for a second term in October 2010. He has wide professional experience in both the public and private sectors. A national of Mali, Dr Touré is committed to ITU as an innovative, forward-looking organization adapted to meeting the challenges created by the rapidly-changing ICT environment, and to continuing to spearhead ITU towards implementing the resolutions of the World Summit on the Information Society (WSIS) and achieving the Millennium Development Goals (MDGs). Dr Touré is married with four children and two grandchildren.

Obviously, there is no need to be a “geek” to realize the importance of cybersecurity nowadays ! The world has engaged on a “non-return” course for digitalization. Be it for trendy or more professional motives, a large share of of today’s personal, corporate and governmental activities (social interactions, business transactions, for-profit and non-profit campaigns, etc.) do take place online ! That trend is doomed to keep increasing. For instance, large corporations are more and more awakening to the necessity of moving their entire communication to social network platforms (like Facebook). Of course such radical choices have their associated risk (e.g.: some degree of loss of control) factors as well as cost considerations. It is a well know fact that physical operations (like bank notes transfer or material move of any valuables in general) are surrounded with due security dispositions. So should electronic transactions. Arguably, the latter even require even tighter security measures in that they are more volatile, less tangible. It is my conviction that cybersecurity should and will get more attention in the future. Our collective future all depends on it !